This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Custom Application and TAC

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Custom Application and TAC

Go to solution
ghostrider
L4 Transporter

‎10-22-2016 03:00 PM

Hello 

 

Can I request to TAC to create custom application or I have to do by my self? I found this but I guest it is for public application not for internal.

http://researchcenter.paloaltonetworks.com/submit-an-application/

0 Likes Likes
18 REPLIES 18

Go to solution
ghostrider
L4 Transporter
In response to reaper

‎11-08-2016 01:40 AM

@reaper thanks. what about client server applications (tcp/udp) custom applicaitons, there is any parent tcp/udp application like web-browsing for web-application?

Also for build custom application in a rule, should I ask application to check all the funtionalities of application while doing the packet capture? I mean how much traffic need to pass for the rule to build custom application. Appreciated your recommendation

0 Likes Likes

Go to solution
reaper
Cyber Elite
Cyber Elite
In response to ghostrider

‎11-08-2016 02:18 AM

have you checked out these articles ? 

Getting Started: Custom applications and app override

Tips & Tricks: Custom Vulnerability

 

the amount of data needed for your custom application depends on how your app was created

 

normally AppID kicks in before the first 2000bytes/8packets but for web-based applications, AppID keeps scanning longer so if your application can only be identified by some string of data in the payload of a web-based session, you can use that to trigger. You will need to decide how long your packetcapture needs to be to get to the information you want to use to create a custom app as in the end you decide which 'string' will need to be matched

 

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Go to solution
ghostrider
L4 Transporter
In response to reaper

‎11-08-2016 12:08 PM

@reaper The system automatically doing the packet capture for unknown-tcp. Is that capture sufficient for make custom app? 

0 Likes Likes

Go to solution
reaper
Cyber Elite
Cyber Elite
In response to ghostrider

‎11-09-2016 05:09 AM

maybe 🙂 it will capture the packets it cannot identify which will likely contain the signature you want to be looking for, but I would recommend setting up a proper packetcapture to make sure you have a good view of what packets are exchanged and the payload therein

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 6598 Views
  • 18 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks